You are on page 1of 4

Prepared by: _____

Date: ___________
Reviewed by: ____
Date: ___________
ORGANIZATION NAME
INTERNAL CONTROL QUESTIONNAIRE

PURPOSE: MANAGEMENT OF FRAUD ICQ

Introduction

Fraud – the very word sends shivers down people’s spines.

Facts About Fraud

· Fraud is always unexpected and a surprise to management.

· Fraud is always symptomatic of weaknesses in the internal control framework.

· Fraud is perpetrated by employees by employees who have been with the


organization for a long time. An employee with a distinguished service record can
undertake it.

· Fraud can be as simple, as forging a signature or as complex as involving more


than one person inside or outside an organization.

What does it feel like?

Imagine the flu virus, slowly it enters our bodies, unseen and undetected infecting us. The
symptoms can be nausea, high temperature, fever, body pain, headache, vomiting etc.
Some people recover from this, after taking a dose of Paracetamol or antibiotics, for some
people the effects are fatal – they never recover. The virus adapts and new strains
develop all the time.

Fraud is such a virus and the antidote is having strong internal controls, top management
support and a Fraud and Corruption Policy. Paracetamol and antibiotics can be used as a
preventive or recovery measure. Similarly, a Fraud and Corruption Policy should have its
preventive and recovery aspects.

Outlined below is an ICQ detailing some of the questions that Management or Internal
Audit should be asking when thinking about managing the risk of Fraud.

Department: Auditable Function:

Discussed with: Date:

Question Yes No N/A Comments


Policy Statement

• Does the organization have a


policy statement with respect to
fraud?
• Who is/was responsible for the
issue of this statement?
• Has this policy statement been
Board approved?
• Is this statement widely
publicized in the organization?
• Is this statement reviewed
annually?
• Is the policy statement linked to
a Controls Assurance Standard?

Fraud and Corruption Policy

General

Management of Fraud ICQ.doc


Prepared by: _____
Date: ___________
Reviewed by: ____
Date: ___________
•Does the organization have a
Fraud and Corruption Policy?
• Has this policy been approved
by the Board?
• What kind of aspects does the
policy deal with (e.g. preventive,
investigative or recovery
aspects)?
• What are the objectives of the
policy?
• To whom does the policy apply?
• Who is responsible for
ownership of the Fraud Policy?
• Who is responsible for its
administration?
• In terms of a Code of Conduct
and Accountability, does the
organization set out the
principles of accountability,
probity and openness?
• How is fraud defined?
• How are fraud risks monitored
e.g. through risk registers?
Roles and Responsibilities

Does the organization specify roles


and responsibilities within the Fraud
Policy?
What are the roles and responsibilities
of the following individuals/groups:

1. The Audit Committee


2. The Board
3. HR Function
4. Fraud Liaison Officer

Reporting Fraud and Corruption

What is the procedure for reporting


suspicions of fraud?
What guidance is provided on dealing
with incoming mail (such as
anonymous letters)?
Who are the first points of contact for
reporting suspected dishonesty?
Does the organization operate a Fraud
Hot-line?
Does the organization have a Whistle
blowing Policy, which sets out the
principles for protection of employees
when reporting suspicions?

Response to Fraud and Corruption

Does the organization keep a register


of fraud?
Who is responsible for maintenance of
this register?
Who has access to this register?
Is it held securely?
Who is responsible for the
investigation?
Who oversees the investigation?

Management of Fraud ICQ.doc


Prepared by: _____
Date: ___________
Reviewed by: ____
Date: ___________
Do written reports have to be submitted
and to whom?
How does the organization deal with
enquiries from the media?
Are employees suspended from work
pending an investigation?
Are all reasonable means of recovering
any identified loss pursued?

Investigation of Fraud and Corruption

Who monitors actual resources used


against the agreed budget?
If a member of staff refuses to
cooperate in a workplace investigation,
are they liable to disciplinary action?
How is the interview recorded?
If the interview is tape recorded, is this
with the permission of the suspect?
What does the organization do to
create a similar occurrence of fraud in
the future?

Matters to be reported

If an employee is charged with a


criminal offence involving potential
exposure to a term of imprisonment,
are they required to report this and who
to?
If an employee is the subject of an
improper approach where a bribe is
offered, is there a requirement for this
to be reported and to whom?

Rights of Employees and Ex-


Employees Suspected of Fraud

Is there a presumption of innocence,


unless proved otherwise?
At fact finding or investigative
interviews, are employees suspected
of dishonesty entitled to representation
and by whom?
If no, under what circumstances does
the organization make exceptions/
What is the procedure for a disciplinary
interview?
Under what circumstances would the
employee’s services be terminated?
What does the organization deal with
resignations in the face of dismissal?
What are the obligations of employees
during notice periods and upon
termination of employment?
How does the organization deal with
complaints?
How does the organization deal with
apparently mitigating circumstances?
How does the organization deal with
theft and threats?
Rights and Responsibilities of Third
Parties

Management of Fraud ICQ.doc


Prepared by: _____
Date: ___________
Reviewed by: ____
Date: ___________

Where contractors are used or there is


a partnering arrangement, are the
same privileges as employees
extended to them and are they made
aware of the organization’s Fraud
Policy?
Investigating Principles

Are the investigators who are used


competent?
What assurance can be provided to
Management on the subject of
competency??
Is there an approved list of
investigators?
How are information sources
protected?

Budgets and Accounting

How are investigative costs charged?


Who maintains the budget for these
costs?

Recovery

Who is responsible for making claims


under insurance policies?

Reporting Suspicions to and Working


with the Police

• What is the process for notifying


the police?

Conclusion

Fraud is a risk that cannot be ignored. It is like a cancer and needs to be


treated/terminated. A Fraud Policy is the first step in the journey to mitigate against the
risk of Fraud.

Maxima Group Plc in conjunction with Davies Arnold Cooper have created the world’s
first generic Fraud Policy (the website address is www.maximagroup.com).
The contact point and email address is admin@maxima-group.com. The general ideas
contained in this ICQ are expanded in greater detail within their Fraud Policy. I based
my Model Fraud and Corruption Response Plan on their policy. They are one of the
leading experts in the field and their founder (Mike Comer) is considered to be one of
the World’s leading experts on Corporate Fraud.

Management of Fraud ICQ.doc